Faster Dependabot Updates

Recently I came across a few projects that had many Dependabot PRs open against them.

Best practice is to check that the software still behaves the same after a version update (no regression), which means that after merging each version bump we need to:

  1. Wait for the pipeline to pass
  2. If we don't have a pipeline with tests, do some manual checking
  3. Revert if there is a problem

With 5 packages that need updates, this takes 5 times as long as merging a single one. What if we could merge all 5 at the same time?

# stop at the first branch that does not apply cleanly, so later picks do not pile onto a conflicted tree
git branch -r | grep 'origin/dependabot/' | while read -r branch; do git cherry-pick "$branch" || break; done

This one-liner lists the remote-tracking dependabot/ branches on origin and cherry-picks the head commit of each one onto your current branch, so all the bumps go through the pipeline together.
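A more defensive version of the same idea, as an added example (not the gist from the post): it picks each Dependabot branch as a full commit range rather than only its tip, aborts and skips a branch that conflicts instead of leaving the tree mid-cherry-pick, and returns non-zero when anything was skipped so a CI step can flag it. The function names, the package names and versions, and the fixture repository are all constructed for illustration; the only requirement is a `git` binary on PATH.

```shell
#!/bin/sh
# Added example, not the gist from the post. Picks every origin/dependabot/*
# branch onto the current branch as a full range (merge-base..tip), so a
# multi-commit branch is not cut down to its tip commit, and a branch that
# conflicts (typically two bumps touching the same lockfile line) is aborted
# and skipped rather than leaving the working tree mid-cherry-pick.

# Usage: batch_dependabot_updates [remote]   (default: origin)
# Prints one line per branch; returns 1 if any branch had to be skipped.
batch_dependabot_updates() {
    remote="${1:-origin}"; skipped=""
    for branch in $(git for-each-ref --format='%(refname:short)' \
            "refs/remotes/$remote/dependabot/"); do
        base=$(git merge-base HEAD "$branch")
        if [ "$base" = "$(git rev-parse "$branch")" ]; then
            echo "already merged $branch"; continue
        fi
        if git cherry-pick "$base..$branch" >/dev/null 2>&1; then
            echo "picked $branch"
        else
            git cherry-pick --abort >/dev/null 2>&1 || true
            echo "skipped $branch (conflict)"; skipped="$skipped $branch"
        fi
    done
    [ -z "$skipped" ]
}

# Constructed fixture for trying the helper offline: an 'upstream' repo with
# three Dependabot-style branches (two clean bumps, one that clashes with
# another) and a clone of it under "$1/work", which is left as the cwd.
make_demo_repo() {
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
    mkdir -p "$1/upstream" && cd "$1/upstream" && git init -q && git checkout -q -b main
    printf '# pinned\nflask==2.3.0\n\npyyaml==6.0\n\nrequests==2.30.0\n' > requirements.txt
    git add requirements.txt && git commit -qm "pin deps"
    for bump in flask=3.0.0 requests=2.31.0 requests=2.32.0; do
        pkg=${bump%=*}; ver=${bump#*=}
        git checkout -q -b "dependabot/pip/$pkg-$ver" main
        sed "s/^$pkg==.*/$pkg==$ver/" requirements.txt > r.tmp && mv r.tmp requirements.txt
        git commit -qam "Bump $pkg to $ver"
    done
    git checkout -q main && cd .. && git clone -q upstream work && cd work
}
```

Because each bump lands as its own commit, a failing pipeline on the batched branch can be handled by reverting the one offending update rather than starting the whole batch over.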

That is a 500% speed-up (in our example)!

I put the gist here.